Sergey Chubarov
Security Expert
Paço de Arcos, Portugal
Sergey Chubarov is a Security and Cloud Expert with over 15 years of extensive experience in Microsoft technologies. As an instructor, Sergey is dedicated to guiding companies through the complexities of securely adopting cloud solutions. His consulting experience spans both the red and blue sides.
Certifications and recognitions include Microsoft MVP: Cloud Security, OSCP, OSEP, MCT, MCT Community Lead, EC Council CPENT & LPT, CREST CPSA & CRT, and many more.
Frequent Speaker at Prestigious Conferences: Black Hat, Hacker Halted, DEF CON, Wild West Hackin' Fest, Workplace Ninja Summit, Midwest Management Summit, and many others.
Prefers live demos and cyberattack simulations.
Offensive Azure Security
These days, working with a cloud platform is already commonplace. Companies choose Microsoft Azure for a number of benefits, including security. But some responsibilities remain on the customer side, and that may become the weakest link in the chain.
A demo-based session shows attacks on the weakest link in 3 scenarios: Hybrid Identity, Legacy VM-based application and Modern Application.
The session includes:
- Pentesting Microsoft Entra ID Connect
- Finding cached credentials
- Getting control over Compute
- Extracting secrets from Key Vault
- Getting Access to App Service and Azure SQL Database
- Exploring Azure Web App Firewall
Mastering SOC with Microsoft Sentinel: Advanced Security Operations & Defensive Analysis
This session builds a solid foundation in security operations and defensive analysis, teaching you to detect, analyze, and respond to cyber threats.
Session contains:
- Attacker Methodology: Lockheed-Martin Cyber Kill-Chain and MITRE ATT&CK Framework.
- SIEM and ELK Stack: Sentinel and ELK Stack concepts.
- Windows Endpoint Security: Collect Windows processes, services, registry and PowerShell.
- Linux Endpoint Security: Linux daemons, Syslog Framework, and web logging
- IDPS: Integrate IDPS with Microsoft Sentinel.
- Active Directory Security: detecting Active Directory enumeration.
Microsoft Defender for Office 365 evasion. The story of confirmed vulnerability
Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
Safe Attachments routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent.
Safe Links provides time-of-click verification of URLs.
It sounds cool and, in fact, is a black box that we should completely trust.
The session opens this black box, based on the author's own research and discovered vulnerabilities.
The vulnerability was reported and confirmed by Microsoft Security Research.
Live demos only.
Session contains:
- Testing malicious attachments. An example of attachments that are detected.
- Inside the sandbox. What is Safe Attachments from the inside and how does it work.
- Safe Attachments bypass. How the vulnerability was discovered.
- The fix. What Microsoft did to fix the vulnerability.
- Testing malicious links. An example of links that are blocked.
- Safe Links bypass. How attackers can bypass the link protection.
The session will be of interest to everyone who is interested in cloud protection and uses the Microsoft 365 cloud.
Clash of Colors: The Red vs. Blue Team Showdown
An electrifying conference session where these two opposing forces go head-to-head.
The Duel Rule: The attacker executes attacks against an untested environment. The defender doesn't know what techniques the attacker is going to use.
Session contains:
- Ethical Hacking Demos. Attacker demonstrates ethical hacking techniques, revealing how they breach systems.
- Incident response. Defender counters with live demonstrations of incident response with Microsoft 365 XDR, Microsoft Sentinel and Copilot for Security.
- Attack mitigation. Defender fixes the environment to prevent this from happening again
From On-Prem to the Cloud. Hybrid AD attack path
Most businesses today use hybrid cloud and many of us will retire before companies fully migrate to the cloud. Cloud identity service Azure AD provides protection from advanced cybersecurity attacks, but what additional challenges appear when integrating with on-prem AD?
Let's check that out in an advanced scenario-based session.
Live demos only.
The session contains:
- Getting Domain Admin through Azure AD Connect
- Getting Domain Admin through Azure AD Connect Cloud Sync (new offering)
- Token manipulation to bypass Auth & MFA
Hack the domain with your favourite management tool
It is difficult to imagine deployment and management without tools such as Group Policy, Config Manager, and Intune.
Since deployment and management tools have a high access level, they can become a double-edged sword.
The session covers how different service accounts can be compromised and used for malicious intent.
Recommendations for how to mitigate will also be given.
The session contains:
- Warm-up: Getting Network Access Account credentials.
- Domain Join Account creds extraction.
- LAPS will improve your security. Maybe.
- The King of Them All: Compromising Client Push Account.
- Passwords in SQL database.
- Recommendations.
Mastering KQL: Interactive Learning and Practical Application
Have you been wondering how to utilize the logs in the cloud better? Do you need to be more interactive and smart in searching through your log data for Intune or Entra ID?
Then you must learn KQL today.
This session will start with the basics and bring you up to a level where you will understand and be able to do effective queries in your own environment.
AMSI is the acronym that stops PowerShell attacks
PowerShell is a de facto scripting standard for administrative tasks on Windows. It's POWERful and already built in. This also makes it popular among attackers. To limit the damage, Microsoft introduced a security feature, the Antimalware Scan Interface (AMSI).
The session will lift the veil on AMSI, as well as demonstrate methods that can be used to bypass protection. The session contains:
- Understanding AMSI
- Reverse engineering AMSI
- AMSI bypass methods in Windows Server 2019
- AMSI bypass methods in Windows 11
Behind the curtain of PowerShell cmdlets
PowerShell is widely used, but few think about how cmdlets work behind the scenes.
This knowledge allows IT administrators to find hidden capabilities even in built-in cmdlets, developers to create their own, and security engineers to better understand PowerShell-based attacks.
The session sheds light on well-known cmdlets and how to overcome some built-in limitations.
Demo-based session contains:
- Win32 API intro
- Monitoring Built-in Cmdlets API Calls
- Analyzing API Calls in source code
- Abstract Win32 API functions with PSReflect
- Customize Built-in Cmdlets
Managed Identity for Hackers and Developers
There are so many managed cloud services today, it can be hard to follow what each is used for. This makes access management a critical area on which cloud security professionals should focus.
Managed identities provide an identity for applications to use when connecting to resources that support Microsoft Entra ID authentication.
As with any identity, this must be configured correctly, otherwise the identity may be compromised and the malicious actor can gain privileged access.
Session contains:
- Dive into Managed Identity and JWT tokens
- Azure resources enumeration
- Getting access to blob storage using compromised identity
- Retrieving Azure Key Vault secrets
- Extract data from SQL Database
Navigating the Battlefield: Leveraging MITRE ATT&CK Tactics
The current threat landscape necessitates organizations to proactively detect and remediate vulnerabilities before attackers discover and exploit them. The MITRE ATT&CK framework acts as a repository of tactics, techniques, and procedures that security professionals use to understand the behavior of attackers. Using the MITRE ATT&CK knowledge base that maps external and internal TTP, red teams can develop threat models and methodologies for more effective attacks. Researching the TTP through MITRE ATT&CK will enable analysts and defenders to better understand threats against their organizations or enterprises.
The session aims to better understand the importance of MITRE ATT&CK tactics in a live demo. The session will also demonstrate how Microsoft products use MITRE ATT&CK for SOC operations.
In the session:
- An introduction to MITRE ATT&CK tactics and techniques
- Designing a breach and attack simulation process with the help of MITRE ATT&CK
- How Microsoft 365 Defender and Microsoft Sentinel use MITRE ATT&CK
Sneaky Defense Evasion. Windows 11 security bypassed
Today's cybercriminals have a hard time: antiviruses, whitelisting, intrusion detection systems, etc. are used by many companies around the world. However, the number of security incidents is on the rise. While defenders implement security features, attackers learn to bypass them. Defenders should also learn evasion techniques to keep up with attackers.
Get insights on Windows 11 security bypass in an advanced scenario-based session.
Live demos only.
The session contains:
- Preparing the payload. Microsoft Defender AV Evasion
- Downloading the payload. Attack Surface Reduction bypass
- Executing the payload. Abusing Applocker configurations
- Covering the tracks. Ransomware vs Controlled Folder Access
Pentesting Azure Container Services
Containers are playing their role in the digital transformation by providing fast deployment of cloud-native applications. Containers are also often viewed as secure, which is true. But how well are they really configured?
A demo-based session.
The session includes:
- Containers 101
- Backdooring Docker containers images
- Poisoning images on Azure Container Registry
- Compromise containers on Azure Container Instance
- Compromise containers on Azure Kubernetes Services
- Vulnerability Assessment
AI-Powered Security: Enhancing Incident Response with Azure OpenAI
In this session, we will explore how Azure OpenAI can improve incident response strategies by leveraging advanced AI capabilities. Participants will gain insights into integrating Azure OpenAI with existing XDR and SIEM to enhance analysis and mitigation of security threats.
Key Takeaways:
- The Easy Starter: How Microsoft 365 Copilot & Security Copilot can be used in security scenarios.
- Understanding Azure OpenAI: Learn about the core features and functionalities of Azure OpenAI and how they can be applied to security.
- Incident Response Automation: Discover how AI can automate and accelerate incident response processes, reducing the time to detect and respond to threats.
- Retrieval-Augmented Generation (RAG): Understand how RAG enhances AI models by retrieving relevant information from external data sources, improving the accuracy and relevance of AI-generated responses
- Fine-Tuning: Explore the process of fine-tuning pre-trained AI models to adapt them for specific security tasks, enhancing their performance and effectiveness
MMS 2025 at MOA Sessionize Event Upcoming
MC2MC Connect Upcoming
MMS 2024 Flamingo Edition Sessionize Event
Manchester365 Microsoft Cloud Engineering Summit Sessionize Event
Workplace Ninja Summit 2024 Sessionize Event
psconf.eu 2024 Sessionize Event
Experts Live Netherlands 2024 Sessionize Event
EC-Council Cyber Talks May 24
DevSum 2024 Sessionize Event
MODERN ENDPOINT MANAGEMENT EMEA SUMMIT 2024 Sessionize Event
EC-Council Cyber Talks Mar 24
EC-Council Cyber Talks Jan 24
European MCT Summit 2024 Sessionize Event
NDC Security 2024 Sessionize Event
ESPC23 - European SharePoint, Office 365 & Azure Conference Sessionize Event
Techorama Netherlands 2023 Sessionize Event
Workplace Ninja Summit 2023 Sessionize Event
MODERN ENDPOINT MANAGEMENT EMEA SUMMIT 2023 Sessionize Event
Experts Live Netherlands 2023 Sessionize Event
Techorama 2023 Belgium Sessionize Event
.NET Conference Armenia
CloudBrew 2022 - A two-day Microsoft Azure event Sessionize Event
Experts Live Netherlands 2022 Sessionize Event
Cloud Identity Summit '22 Sessionize Event
WorkPlace Ninja Summit 2022 Sessionize Event
European MCT Summit 2022 Sessionize Event
psconf.eu 2022 Sessionize Event
Techorama 2022 BE Sessionize Event
Microsoft 365 Virtual Marathon 2022 Sessionize Event
Teams Nation 2022 Sessionize Event
Canadian Cloud Summit 2022 Sessionize Event
MCT West Africa Cloud Bootcamp 2021 Sessionize Event
Azure Community Bootcamp Sessionize Event
CollabDays New England - Microsoft 365 2021 Sessionize Event
Virtual Azure Community Day #4 Sessionize Event
Cloud Identity Summit '21 Sessionize Event
BSides København 2021 Sessionize Event
PowerShell, DevOps and Cloud Conference Sessionize Event
Azure Summit Sessionize Event
WorkPlace Ninja Virtual Edition 2021 Sessionize Event
India Cloud Security Summit, 2021 Sessionize Event
Cloud Native Days with Kubernetes Sessionize Event
Azure Day Rome 2021 Sessionize Event
BSides Athens 2021
Offensive Azure Security
Wild West Hacking Fest
Offensive Azure Security
BSides Budapest 2021
Offensive Azure Security
Techorama 2021 Spring Edition Sessionize Event
M365 Philly Virtual 2021 Sessionize Event
Cloud Lunch and Learn Marathon 2021 Sessionize Event
Microsoft 365 Virtual Marathon Sessionize Event
Global Azure Virtual 2021, Greece Sessionize Event
Global Azure Austria 2021 Sessionize Event
Global Azure 2021-India Sessionize Event
Global Azure Virtual 2021 Sessionize Event
Global Azure 2021 - Spain Sessionize Event
MVPDays LIVE "Endpoint" Day Online 2021 Sessionize Event
Security BSides Dublin 2021 Sessionize Event
MCT Summit 2021 Sessionize Event
Virtual Scottish Summit 2021 Sessionize Event
Azure Saturday - Belgrade 2021 Sessionize Event
Global Security and Compliance Community Conference Sessionize Event
Microsoft 365 Friday California 2021 Sessionize Event
Modern Workplace Conference Paris 2021 Sessionize Event